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-- The MAILING DATE of this communication appears on the cover shoot with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication(s) filed on . 

2a)D This action is FINAL. 2b)M This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) Ex3 Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 7-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

&*)□ Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9)^ The specification is objected to by the Examiner. 

10) S The drawing(s) filed on 13 March 2000 is/are: a)K accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) E3 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3.IEI Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claims 1-20 have been examined. 



Specification 



2. The title of the invention is not descriptive. A new title is required that is clearly 
indicative of the invention to which the claims are directed. The following title is 
suggested: 'Method for providing conditional access between a service provider and a 
set-top box using digital certificate authentication means'. 



3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claim 9 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

5. Claim 9 recites the limitation "said second identification data" in page 14. There 
is insufficient antecedent basis for this limitation in the claim. 

Claim Rejections - 35 (JSC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



Claim Rejections - 35 USC §112 
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(a) A patent may not be obtained though the invention is riot identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

8. Claims 1-7 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schneier Applied Cryptography 2 nd Edition (hereinafter Schneier). As per claim 1 0, 
Schneier teaches a basic authentication protocol using public-key cryptography to 
manage communication between two nodes A and B (see Schneier, page 51, 'Key and 
Message Transmission 1 ). Node B sends two encrypted messages to node A: the first 
encrypted message comprises the principle message to be exchanged, which is 
encrypted with a key k, and the second encrypted message comprises the key k 
encrypted using the public key of A. These two encrypted messages are sent to A, 
wherein A decrypts the second encrypted message with A's private key to retrieve key 
k, and then uses key k to decrypt the first encrypted message to retrieve the principle 
message. Completion of these steps establishes a secure communication channel 
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between the two nodes. In this basic protocol, the step of encrypting key k using A's 
public key by B wherein the encrypted key k is decrypted by A using A's private key is 
effectively equivalent to the step of encrypting key k using B's private key by B wherein 
the encrypted key k is decrypted by A using B's public key (see Schneier, pages 4-5, 
Public-key Algorithms'). 

9. Although this simple authentication scheme does not disclose the use of a digital 
certificate to secure a key k, Schneier teaches in a different section steps whereby a 
node B submits their digital certificate along with an encrypted principle message to a 
node A, wherein the digital certificate secures a public key that is used to decrypt the 
encrypted principle message, which was encrypted using the corresponding private key 
(see Schneier, pages 576-577, 'Authentication Protocols', steps 1-8). Furthermore, 
Schneier teaches that digital certificates are part of an entrenched framework (X.509 
protocol) to cryptographically secure subject identification and public keys for 
distribution (see Schneier, pages 575, 'Certificates'). It would be obvious to one of 
ordinary skill in the art at the time the invention was made for the decrypting key (public 
key of node B) of the encrypted principle message to be secured by a certificate. 
Motivation for such an implementation would enable node A to ensure that B's public 
key and B's subject identification information are valid since the information is verified 
by a trusted third party as taught by Schneier. This protocol is essential to avoid 
scenarios wherein an unscrupulous third party poses as node B using bogus public 
keys. 
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10. This modified authentication scheme does not further disclose the step of node A 
submitting the original principle message to node B, whereby through the steps listed 
above, A compares the decrypted principle message received from B and the original 
principle message to authenticate B. However, these steps correspond to simple 
challenge requests and responses initiated by A, returned by B, and verified by A. 
Schneier teaches challenge protocols as a means to verify that the responder to a 
message is also the receiver of the message and to ensure messages received from a 
responder is timely and not a replay of a previous dialogue (see Schneier, page 54, first 
4 steps; pages 57-58, 'Yahalom' and Table 3.1, 'Ra, Rb'; page 38, 'Signing Documents 
and Timestamps'; page 51 , 2 nd paragraph). These protocols use identifier information 
as well as a nonce and/or timestamp to achieve these means. It would be obvious to 
one of ordinary skill in the art at the time the invention was made to use the principle 
message as a challenge value to authenticate the identity of node B and the timeliness 
of the message received from node B. Motivation for such an implementation would 
enable node A to authenticate node B using standard challenge means as taught by 
Schneier. Finally, this modified authentication scheme further discloses a final 
authentication step of A sending to B a third encrypted message comprising the data of 
B's identification garnered from B's digital certificate and encrypted using A's private key 
wherein B decrypts the third encrypted message using A's public key (see Schneier, 
page 577, steps 9-15). As noted above, this final step is effectively equivalent to the 
third encrypted message being encrypted by A using B's public key garnered from B's 
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digital signature wherein B decrypts the third encrypted message using B's private key. 
The aforementioned covers claim 10. 

11. As per claim 1 , it is a method claim corresponding to claim 10 and it does not 
teach or define above the information claimed in claim 10. Therefore, claim 1 is 
rejected as being unpatentable over Schneier for the same reasons set forth in the 
rejection of claim 1 . 

12. As per claim 2, Schneier covers a method for managing access to a device as 
outlined above in the claim 1 rejection under 35 U.S.C. 103(a). In addition, as 
mentioned above, the first message (the original principle message sent from node A to 
node B) comprises data associated with node A and a timestamp. 

1 3. As per claims 3-6, they are method claims corresponding to claims 2 and 1 0 and 
they do not teach or define above the information claimed in claims 2 and 10. 
Therefore, claims 3-6 are rejected as being unpatentable over Schneier for the same 
reasons set forth in the rejections of claims 2 and 10. 

14. As per claim 7, Schneier covers a method for managing access to a device as 
outlined above in the claim 6 rejection. In addition, the digital certificate and 
corresponding public key associated with the subject (node B) is issued by an 
independent certificate authority (see Schneier, pages 574-575, X.509 framework). 
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15. Claims 8, 9, and 1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Schneier, and further in view of Arnold U.S. Patent No. 5,787,172 (hereinafter 
Arnold). As per claim 1 1 , Schneier covers a method for managing access between two 
nodes as outlined above in the claim 1-7 and 10 rejections under 35 U.S.C. 103(a). 
Although Schneier is silent on the matter of the managing access method being 
integrated between a service provider, a set-top box, and a smart card, authentication 
methods utilizing certificates to authenticate between these devices are well known in 
the art. As an example, Arnold discloses a method for authenticating a cryptographic 
link between a service provider and a set-top box using a smart card coupled thereto by 
means of certificate authentication (see Arnold, Figures 1 and 7A-7C and related text). 

It would be obvious to one of ordinary skill in the art at the time the invention was made 
to integrate the method covered by Schneier in a connected system between a service 
provider and a set-top box authenticated with a smart card as disclosed by Arnold. 
Motivation for such an implementation would enable services provided by the service 
provider to be restricted based on user rights and privileges stored on the smart card 
and actuated by a set-top box. 

1 6. As per claim 8, it is a method claim corresponding to claims 1,10, and 1 1 and it 
does not teach or define above the information claimed in claims 1,10, and 1 1 . 
Therefore, claim 8 is rejected as being unpatentable over Schneier in view of Arnold for 
the same reasons set forth in the rejections of claims 1,10, and 1 1 . 
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17. As per claim 9, Schneier covers a method for managing access to a device as 
outlined above in the claim 8 rejection under 35 U.S.C. 103(a). In addition, Schneier 
teaches that digital certificates comprise data associated with the certificate authority 
issuing the certificate and data associated with the validity of the digital certificate (see 
Schneier, page 574, Figure 24.2, Issuer' and 'Signature'). 

18. Claims 12-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Schneier in view of Arnold, and further in view of Force et al. U.S. Patent No. 5,533,123 
(hereinafter Force). As per claim 12, Schneier covers a method for managing access 
as outlined above in the claim 1 1 rejection under 35 U.S.C. 103(a). Schneier does not 
expressly disclose that the smart card comprises a plurality of digital certificates, each 
certificate containing service provider identification. However, smart cards are 
conventionally designed to incorporate multiple types of information, including a plurality 
of certificates, each certificate identifying a distinct service. As an example, Force 
discloses a smart card having this quality (see Force, col. 3, lines 22-31 ). It would be 
obvious to one of ordinary skill in the art at the time the invention was made for the 
smart card to carry a plurality of certificates, wherein each certificate contains service 
provider information. Motivation for such an implementation would enable access to a 
plurality of services using only one smart card. 
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19. As per claims 13-20, they are method claims corresponding to claims 1-12 and 
they do not teach or define above the information claimed in claims 1-12. Therefore, 
claims 13-20 are rejected as being unpatentable over Schneier in view of Arnold and/or 
Force for the same reasons set forth in the rejections of claims 1-12. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Rohatgi et al. U.S. Patent No. 5,625,693. 
Ohashi et al. U.S. Patent No. 5,761,309. 
Kaliski, Jr. U.S. Patent No. 6,085,320. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W Kim whose telephone number is (703) 305- 
8289. The examiner can normally be reached on M-F 9:00 A.M. to 5:00 P.M.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-21 7-91 97 (toll-free), f J 
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